Automated Retrieval of ATT&CK Tactics and Techniques for Cyber Threat Reports

04/29/2020
by Valentine Legoy, et al.

Over recent years, threat intelligence sharing has grown steadily, giving cybersecurity professionals access to increasingly large amounts of heterogeneous data. Among these, the Tactics, Techniques and Procedures (TTPs) of cyber attacks have proven particularly valuable for characterizing threat actors' behavior and, thus, improving defensive countermeasures. Unfortunately, this information is often buried in human-readable textual reports and must be extracted manually. In this paper, we evaluate several classification approaches to automatically retrieve TTPs from unstructured text. To implement these approaches, we take advantage of the MITRE ATT&CK framework, an open knowledge base of adversarial tactics and techniques, to train classifiers and label results. Finally, we present rcATT, a tool built on top of our findings and freely distributed to the security community to support the automated analysis of cyber threat reports.

